Discovery & Counter-Infiltration (D&CI) Technical Lead - Military veterans preferred
2018-11-19 SAIC (www.saic.com)
Quantico, Virginia 22134, United States
SAIC is seeking a Sr. Cyber Security Analyst who will be a member of technical engineering and services solutions to a DoD Cyber Security Service Provider (CSSP) in support of mission critical DoD systems in Stafford, VA.
Responsible for daily execution of communication plan with the government to synchronize the efforts of the Incident Management, Hunt, and Cyber Threat Analysis Cell (CTAC) divisions to meet contract deliverables.
Lead efforts in collecting and analyzing network and computing events presented via numerous sources in order to identify and document malicious or unauthorized activity on the Enterprise Network.
Conduct initial, formal incident reporting and documenting technical details in a Database.
Use appropriate skills and techniques in scoping, containing and eradicating incidents.
Responsible for supporting the transition of network defense configurations as informed by resolved incidents in order to prevent future occurrences.
Hunt team support:
Maintain the body of documentation that describes the tactics, techniques and procedures that comprise the Hunt team.
Assess and identify Advanced Persistent Threat (APT) activities within an Operating System.
Develop and document tactics, techniques, and procedures (TTPs) for resource planning, operations, and analysis.
Research, identify, and verify new APT TTPs to strengthen the overall security posture of the Enterprise Network.
Coordinate with intelligence analysts and external threat intelligence reporting sources to support maintenance of current APT TTPs.
Directly manage Hunt operations from inception to final after action reporting by leading the technical efforts of the Hunt Team.
CND support:
Maintain the body of documentation that describes DCOS CND Incident Response tactics, techniques and procedures, to include an emphasis on Malware and Forensic Analysis.
Perform initial, forensically sound collection of system images and inspect same to discern possible mitigation and remediation of network incidents on the Enterprise Network.
Perform remote incident handling support such as forensics collections, intrusion correlation tracking, threat analysis and direct system remediation tasks to on-site responders.
Provide malware analysis to develop incident timelines to include: the dates and times of significant events, command and control domains, and call back addresses; threat objective; and compromised hosts and data.
Support custom signature and correlation rules creation to enhance Enterprise Network protections.
Support the creation of a ‘big data’ analysis program through the identification of attributes and indications of targeted activity for profile development within the deployed DCOS sensor grid.
Document findings; provide reports which incorporate intelligence information provided by the Intelligence branch, historical attack information, as well as current and future (projected/possible) threats targeting the Enterprise Network.
Exploit Analysis support:
Create and maintain the body of documentation that describes the tactics, techniques and procedures that comprise the Enterprise Network Exploit Analyst team.
Prioritize mitigation actions based on assessed risk upon discovery of critical exploits and vulnerabilities within the lab and production environments.
Conduct, analyze and review penetration tests and Joint Red Team assessment results to develop recommendations to protect the Enterprise Network.
Analyze and review application, system, and network security postures across the Enterprise Network in both lab and production environments through active scanning, application-layer protocol fingerprinting or traffic analysis.
Develop the processes and procedures for replaying network attacks/compromises within a lab environment in order to scope the situation and develop recommended mitigation actions.
Required Education and Experience:
Bachelor’s Degree in Computer Science or related IT field, or four years of experience in lieu of degree, plus 14+ years of experience.
5+ years of experience managing personnel in an information assurance environment.
Experience handling nation state level intrusions.
5+ years of demonstrated experience with CND tools, tactics, and techniques in a computer network defense environment.
Must possess a CNDSP Analyst certification (CEH, GCIA, or GCIH).
Must possess an IAT Level III certification (CASP CE, CCNP Security, CISA, CISSP, GCED, or GCIH) on day one.